Created
August 21, 2013 13:30
-
-
Save RJ/6294478 to your computer and use it in GitHub Desktop.
haproxy websockets config snippet
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| ## GENERATED BY CHEF, DONT EDIT DIRECTLY | |
| global | |
| log 127.0.0.1 local0 | |
| log 127.0.0.1 local1 notice | |
| maxconn 10000 | |
| user haproxy | |
| daemon | |
| defaults | |
| log global | |
| mode http | |
| option httplog | |
| option forwardfor header X-Forwarded-For | |
| option dontlognull | |
| retries 0 # if we can't connect to backend, insta-fail, don't let haproxy retry.. ie, fail fast, since backends restarting takes a while anyway. | |
| option http-server-close # ignore server keepalive setting | |
| timeout server 40s # if nothing from backend server in 40s (we have idle timer <30s, so fine) | |
| timeout client 40s # boot clients at the same time as server gives up, if connection is borked | |
| timeout http-request 5s # slow-loris | |
| timeout connect 5s # making connections to backends | |
| timeout tunnel 60s # supercedes server/client timeouts after http UPGRADE to websocket (again, 30s idle msgs..) | |
| frontend public-http | |
| bind :80 | |
| redirect scheme https | |
| frontend public-https | |
| mode http | |
| # https://community.qualys.com/blogs/securitylabs/2011/10/17/mitigating-the-beast-attack-on-tls | |
| bind :443 ssl crt /etc/.../example.com.pem ciphers ECDHE-RSA-AES128-SHA256:AES128-GCM-SHA256:RC4:HIGH:!MD5:!aNULL:!EDH | |
| use_backend..... etc... |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment